From 30e35574a13328197814eb7df1150b23306a4487 Mon Sep 17 00:00:00 2001
From: eldstal <laeder.keps@gmail.com>
Date: Thu, 30 Mar 2023 12:18:38 +0200
Subject: [PATCH 1/2] Input sanitization for wpa client, Fix for #1325

---
 includes/configure_client.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/includes/configure_client.php b/includes/configure_client.php
index 19269025..97df00e3 100755
--- a/includes/configure_client.php
+++ b/includes/configure_client.php
@@ -17,7 +17,9 @@ function DisplayWPAConfig()
 
     if (isset($_POST['connect'])) {
         $result = 0;
-        exec('sudo wpa_cli -i ' . $_SESSION['wifi_client_interface'] . ' select_network '.strval($_POST['connect']));
+        $iface = escapeshellarg($_SESSION['wifi_client_interface']);
+        $netid = escapeshellarg(strval($_POST['connect']));
+        exec('sudo wpa_cli -i ' . $iface . ' select_network ' . $netid);
         $status->addMessage('New network selected', 'success');
     } elseif (isset($_POST['wpa_reinit'])) {
         $status->addMessage('Reinitializing wpa_supplicant', 'info', false);

From db6bf4c6b4e686bac73672797ceac14607c93ade Mon Sep 17 00:00:00 2001
From: eldstal <laeder.keps@gmail.com>
Date: Fri, 31 Mar 2023 22:18:55 +0200
Subject: [PATCH 2/2] Additional type check on sensitive network ID parameter

---
 includes/configure_client.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/includes/configure_client.php b/includes/configure_client.php
index 97df00e3..fc24058e 100755
--- a/includes/configure_client.php
+++ b/includes/configure_client.php
@@ -19,8 +19,10 @@ function DisplayWPAConfig()
         $result = 0;
         $iface = escapeshellarg($_SESSION['wifi_client_interface']);
         $netid = escapeshellarg(strval($_POST['connect']));
-        exec('sudo wpa_cli -i ' . $iface . ' select_network ' . $netid);
-        $status->addMessage('New network selected', 'success');
+        if (is_numeric($netid)) {
+            exec('sudo wpa_cli -i ' . $iface . ' select_network ' . $netid);
+            $status->addMessage('New network selected', 'success');
+        }
     } elseif (isset($_POST['wpa_reinit'])) {
         $status->addMessage('Reinitializing wpa_supplicant', 'info', false);
         $force_remove = true;